[dns-operations] More Aggressive prefetch for popular names
phoffman at proper.com
Wed Apr 10 14:27:55 UTC 2019
On 10 Apr 2019, at 0:42, Giovane Moura wrote:
>> So why would anyone want to prefetch popular names? You get a lot of
>> already while the TTL expires. Preventing that one cache miss does
>> not get
>> you a lot of gain on aggregate. It appears that the benefit of
>> is concentrated among 'moderately popular domains'.
>> If a popular name with a low TTL has a slow / unreliable set of
>> authoritative servers, why paper over that? They can either raise
>> their TTL
>> or fix their servers.
> Plus, let's not forget the consequences for auth servers if thousands
> resolvers start to do prefetching: if they were slow, imagine then
> prefetching from potentially thousands of clients for thousands of
> domains. It can and will probably make things *worse* for the auth
> Modern resolvers already have two built in mechanism to deal with slow
> or unresponsive auth servers: server switching (looping thru the NS
> list) and retries (resending the queries).
> We have seen in a controlled experiment with 15,000 vantage points
> can happen when auth servers become unresponsive (like during a DDos):
> resolvers will multiply their normal query load by 8-9 times, in an
> attempt to resolve a domain. See Fig 9 in .
> In summary: prefetching may backfire big time. By creating
> traffic, it may winding up increasing the latency for everybody.
>  https://www.isi.edu/~johnh/PAPERS/Moura18b.pdf
The flip side of this argument is that prefetching when a new request is
expected within the next TTL helps the first users after the TTL
expiration. For 30-second TTLs, this could easily be of value to more
than one user, particularly if the authoritative response is slow.
Prefetching without a perceived need is indeed wasteful. However, if the
name was served from the cache during the last 25% of the TTL, that's a
good indication that it will be requested again after the TTL has
expired. Using this non-aggressive pre-fetching "requested from the
cache during the end of lifetime" rule seems useful to resolver users
while only increasing the authoritative load in the less common cases.
More information about the dns-operations